W2K vpn client to Cisco 3005 VPN concentrator

I've got a project to configure a Cisco 3005 vpn concentrator to allow connections from the w2k builtin vpn client.

The concentrator currently has users connecting via the Cisco client using IPSec, and authenticating against an Active Directory server.

The way I understand things is, PPTP is supported, but only without encryption when authentication against Active Directory. And the only other option is L2TP/IPSec, which is mutually exclusive with the IPsec-only that's currently in use. (Have I got this all correct?)

So, the only option open here is PPTP without encryption, correct?

Is there any way to get the w2k client to do l2tp without ipsec?

Thanks!

Reply to
srp336
Loading thread data ...

Yes, you can connect to a Cisco VPN concentrator using L2TP alone or L2TP/IPsec.

By default, W2K creates an IPsec policy for L2TP that relies on digital signature (digital certificate) authentication. So, if you want to configure either L2TP alone or L2TP/IPsec with pre-shared key authentication then you need to modify the registry.

Take a look at this article for more:

formatting link

By creating the 'ProhibitIpSec' value, and setting the value to '1' (as discussed in the first part of the article), you actually disable the automatic creation of an IPsec policy (using digitial signature auth) for L2TP. So, if you don't want to use IPsec with L2TP, you can stop there, without following the instructions in the rest of the article (although you should consider the security implications!).

Hope that helps,

Mark

CCIE#6280 / CCSI#21051 / JNICS#121 / etc.

Author:

formatting link

Reply to
mark

I've gotten l2tp working with the w2k client and cisco vpn 3005, but it looks like the same problem I was having with pptp.

Is there no way to connect with pptp or l2tp to a 3005 concentrator with encryption, when that concentrator is authenticating against an Active Directory server?

Reply to
srp336
[skip]
[skip]

Can the same problem be solved under Windows XP and Windows 2003? Key 'ProhibitIpSec' does not work and I found no solution on MSDN site.

Reply to
Anatoliy Mysnyk

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.